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Disclaimer 


This report (“Report”) was prepared by Mazars LLP at the request of the Information Commissioner’s Office (ICO) and terms for the preparation and scope of the Report have been agreed with 
them. The matters raised in this Report are only those which came to our attention during our internal audit work. Whilst every care has been taken to ensure that the information provided in this 
Report is as accurate as possible, Internal Audit have only been able to base findings on the information and documentation provided and consequently no complete guarantee can be given that this 
Report is necessarily a comprehensive statement of all the weaknesses that exist, or of all the improvements that may be required. 


The Report was prepared solely for the use and benefit the ICO and to the fullest extent permitted by law Mazars LLP accepts no responsibility and disclaims all liability to any third party who 
purports to use or rely for any reason whatsoever on the Report, its contents, conclusions, any extract, reinterpretation, amendment and/or modification. Accordingly, any reliance placed on the 
Report, its contents, conclusions, any extract, reinterpretation, amendment and/or modification by any third party is entirely at their own risk. Please refer to the Statement of Responsibility in 
Appendix A3 of this report for further information about responsibilities, limitations and confidentiality. 


01 Summary 


The purpose of this report is to provide an update to the Audit Committee on the progress of the Internal Audit Strategy for the year ending 31 March 2022. In 
Section 02, we have provided a summary of our work to date, including the status and timing of each audit. Section 03 includes details of the new 
Government Functional Standard for Internal Audit. 


02 Current progress in 2021/22 


Plan overview 


Auditable Area Audit start date Assurance Level 


ae [e 


Cyber security June 2021 Draft report TBC 

Fines recovery June 2021 Final report 5 > 1 
Core financial controls October 2021 Planning 

Stakeholder management October 2021 Planning 

Workforce planning November 2021 Planning 


Procurement and contract management January 2022 


Performance reporting and management February 2022 
information 
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03 GovS 009 Internal Audit Standard 


Functional standards exist to create a coherent, effective and mutually understood 
way of doing business within government organisations and across organisational . 
boundaries, and to provide a stable basis for assurance, risk management, and ae 

capability improvement. They support value for money for the taxpayer, and HM Government 
continuity of implementation. 


Following a consultation exercise completed by the Government Internal Audit 


Agency (GIAA), which ran from 12 January to February 2021, the government 
functional standard GovS 009 Internal Audit came in effect from 29 July 2021 and Government 
was ‘Approved for Government Trial’. F e 
unctional Standard 


The purpose of this standard is to set expectations for internal audit activity to 
enhance the effectiveness and efficiency of governance, risk management and 
control across government organisations. The trial period continues for the next six 
months and a final version of the standard will be published by GIIA in early 2022. 


Prior to publishing, we were aware of the development of the standard and 
undertook an assessment of our existing internal audit approach to identify any 
variances from our current approach. We are now in the process of embedding the 
further practices identified within the standard into our approach and it is our aim to 
conclude this exercise and invest on an ongoing basis to ensure we comply with the 
standard from January 2022 onwards. 


GovS 009: Internal Audit 


Version: 1.0 
Date issued: July 2021 Approved for internal government trial 
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A1 Statement of responsibility 
We take responsibility to ICO for this report which is prepared on the basis of the limitations set out below. 


The responsibility for designing and maintaining a sound system of internal control and the prevention and detection of fraud and other irregularities rests with 
management, with internal audit providing a service to management to enable them to achieve this objective. Specifically, we assess the adequacy and 
effectiveness of the system of internal control arrangements implemented by management and perform sample testing on those controls in the period under 
review with a view to providing an opinion on the extent to which risks in this area are managed. 


We plan our work in order to ensure that we have a reasonable expectation of detecting significant control weaknesses. However, our procedures alone 
should not be relied upon to identify all strengths and weaknesses in internal controls, nor relied upon to identify any circumstances of fraud or irregularity. 
Even sound systems of internal control can only provide reasonable and not absolute assurance and may not be proof against collusive fraud. 


The matters raised in this report are only those which came to our attention during the course of our work and are not necessarily a comprehensive statement 
of all the weaknesses that exist or all improvements that might be made. Recommendations for improvements should be assessed by you for their full impact 
before they are implemented. The performance of our work is not and should not be taken as a substitute for management's responsibilities for the 
application of sound management practices. 


This report is confidential and must not be disclosed to any third party or reproduced in whole or in part without our prior written consent. To the fullest extent 
permitted by law Mazars LLP accepts no responsibility and disclaims all liability to any third party who purports to use or rely for any reason whatsoever on 
the Report, its contents, conclusions, any extract, reinterpretation amendment and/or modification by any third party is entirely at their own risk. 
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Contacts 


Peter Cudlip 
Partner, Mazars 
peter.cudlip@mazars.co.uk 


Darren Jones 
Manager, Mazars 
darren.jones@mazars.co.uk 


Mazars is an internationally integrated partnership, specialising in audit, accountancy, advisory, tax and legal services*. Operating in over 90 countries and 
territories around the world, we draw on the expertise of 40,400 professionals — 24,400 in Mazars’ integrated partnership and 16,000 via the Mazars North 
America Alliance — to assist clients of all sizes at every stage in their development. 


*where permitted under applicable country laws. 


www.mazars.co.uk 
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